1 |
commit: 8979cd86bc10fb98bb70fc9a710d17912af73982 |
2 |
Author: Tony Vroon <chainsaw <AT> gentoo <DOT> org> |
3 |
AuthorDate: Wed Oct 17 08:26:36 2018 +0000 |
4 |
Commit: Tony Vroon <chainsaw <AT> gentoo <DOT> org> |
5 |
CommitDate: Wed Oct 17 08:29:28 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8979cd86 |
7 |
|
8 |
net-misc/asterisk: CVE-2018-12227, CVE-2018-17281 |
9 |
|
10 |
Version bump to 13.23.1 to address 2 security vulnerabilities. |
11 |
|
12 |
CVE-2018-12227: PJSIP information disclosure |
13 |
SIP requests blocked by ACL respond 403 for an endpoint that |
14 |
exists and 401 for an endpoint that does not, allowing an |
15 |
attacker to identify valid accounts. |
16 |
|
17 |
CVE-2018-17281: HTTP websocket stack overflow |
18 |
An attacker can exhaust available stack space and crash the |
19 |
running Asterisk instance by sending a specially crafted HTTP |
20 |
request to res_http_websocket.so |
21 |
|
22 |
Bug: https://bugs.gentoo.org/668848 |
23 |
Signed-Off-By: Tony Vroon <chainsaw <AT> gentoo.org> |
24 |
Package-Manager: Portage-2.3.49, Repoman-2.3.11 |
25 |
|
26 |
net-misc/asterisk/Manifest | 1 + |
27 |
net-misc/asterisk/asterisk-13.23.1.ebuild | 327 ++++++++++++++++++++++++++++++ |
28 |
2 files changed, 328 insertions(+) |
29 |
|
30 |
diff --git a/net-misc/asterisk/Manifest b/net-misc/asterisk/Manifest |
31 |
index cbfd28fd353..b5607f685a2 100644 |
32 |
--- a/net-misc/asterisk/Manifest |
33 |
+++ b/net-misc/asterisk/Manifest |
34 |
@@ -5,5 +5,6 @@ DIST asterisk-13.19.2.tar.gz 32991960 BLAKE2B 3b1f731fb68e2d455bfc76e863a8abbd89 |
35 |
DIST asterisk-13.20.0.tar.gz 32986236 BLAKE2B bc634d93ce4d0a6b524554fa35845a2f289035aea9e7da3098517cdd6d2c85c94482d393276937ea0bc7064260835757e5ffc048f10ea73ba9c0525fd1cf0457 SHA512 de3e740b0dc5bc90806282cbe16f5ec6d151c4a7520b965e6ed30e3cd88d3dc8aca1994c7ae929c039ad755688af6f09a825b665665aacb10cf2566eaa270ca5 |
36 |
DIST asterisk-13.21.0.tar.gz 32998111 BLAKE2B 7119c541efe80435db6b39571e25e24159b3929f075bd7fd8b1e3260a309bf1ab03599a79aea7d47c429af7e1553d1d89f348c55022e359a43b3fb98ee94882d SHA512 05b10017429a5c339bd50f7576e3198ffd6a71d698f7ad3f604d3e87b76f86da59841bad583c3d979e6e1b7a9fe9fba432c2a9c5faaa1e4dc48003228c637110 |
37 |
DIST asterisk-13.22.0.tar.gz 33036487 BLAKE2B 09febd1d9ca875b532dffb7e2be5bda0aa9b2aac22d39a28ee3270d5bcb46f56946549aa5d7c8159c00fdb5a7f36e6f5466d6ebfc93f39cb65276efe0bee52b9 SHA512 eb5416d6911aac474c4a1532b1452b0d05359e4150b2e03ba8ac7d5f5f8bfc837a1640fcf26dfa8452b3a738af37e5659f5db6680c16d3ff1ee6c785864c5d5c |
38 |
+DIST asterisk-13.23.1.tar.gz 33064056 BLAKE2B 7f531766df5f2db29b562e7c7d4e265d5cf610f192188691279c0294195b835bb62beef19d7e9554862e6b44764064b21d50a3e307bbf85dd12b67a2df8be459 SHA512 227bfc80b2e6382019d608296c4e1c8e992ba867636fa2c8ee578d0aa406b8828bf7962b24035d9b581c433afd18be7cbe98eb954112661b9759b6296ee686dd |
39 |
DIST gentoo-asterisk-patchset-3.17.tar.bz2 5074 BLAKE2B 3c945e77b54b2449253acb9fcea8d289a7a3184729190622c14aff5557d36c93556efa83320fe4e7ae84021960c09f35ae9f997e8015706eef933aae2948309e SHA512 37f86f3c699b2643afd8080391e817a282571694bb56e00efd0734918dbc33d6c12a2463dbc24667597420863b4f506870140fbb8ef3f1700124ef790ae7252d |
40 |
DIST gentoo-asterisk-patchset-4.07.tar.bz2 2471 BLAKE2B d9026e7e8c12431496c24f204d117ed715741623195af10c838ec3ac5ce6a26fbb2d76d4c45c538881b532084e2ce74d2de83a27a0abaa5f65791be91416ef6d SHA512 73a9f92e6a737687c311941100c45bbc573f54fa79d0284318996c0d70274a4d2218693406d71b371496d27123d4d99bbc159974388e6547a682c06084d3b4c5 |
41 |
|
42 |
diff --git a/net-misc/asterisk/asterisk-13.23.1.ebuild b/net-misc/asterisk/asterisk-13.23.1.ebuild |
43 |
new file mode 100644 |
44 |
index 00000000000..99d5134312a |
45 |
--- /dev/null |
46 |
+++ b/net-misc/asterisk/asterisk-13.23.1.ebuild |
47 |
@@ -0,0 +1,327 @@ |
48 |
+# Copyright 1999-2018 Gentoo Authors |
49 |
+# Distributed under the terms of the GNU General Public License v2 |
50 |
+ |
51 |
+EAPI=6 |
52 |
+inherit autotools eutils linux-info multilib user systemd |
53 |
+ |
54 |
+MY_P="${PN}-${PV/_/-}" |
55 |
+ |
56 |
+DESCRIPTION="Asterisk: A Modular Open Source PBX System" |
57 |
+HOMEPAGE="http://www.asterisk.org/" |
58 |
+SRC_URI="http://downloads.asterisk.org/pub/telephony/asterisk/releases/${MY_P}.tar.gz |
59 |
+ mirror://gentoo/gentoo-asterisk-patchset-4.07.tar.bz2" |
60 |
+LICENSE="GPL-2" |
61 |
+SLOT="0" |
62 |
+KEYWORDS="~amd64 ~ppc ~x86" |
63 |
+ |
64 |
+IUSE_VOICEMAIL_STORAGE=" |
65 |
+ +voicemail_storage_file |
66 |
+ voicemail_storage_odbc |
67 |
+ voicemail_storage_imap |
68 |
+" |
69 |
+IUSE="${IUSE_VOICEMAIL_STORAGE} alsa bluetooth calendar +caps cluster curl dahdi debug doc freetds gtalk http iconv ilbc xmpp ldap libedit libressl lua mysql newt +samples odbc osplookup oss pjproject portaudio postgres radius selinux snmp span speex srtp static syslog vorbis" |
70 |
+IUSE_EXPAND="VOICEMAIL_STORAGE" |
71 |
+REQUIRED_USE="gtalk? ( xmpp ) |
72 |
+ ^^ ( ${IUSE_VOICEMAIL_STORAGE/+/} ) |
73 |
+ voicemail_storage_odbc? ( odbc ) |
74 |
+" |
75 |
+ |
76 |
+EPATCH_SUFFIX="patch" |
77 |
+PATCHES=( "${WORKDIR}/asterisk-patchset" ) |
78 |
+ |
79 |
+CDEPEND="dev-db/sqlite:3 |
80 |
+ dev-libs/popt |
81 |
+ dev-libs/jansson |
82 |
+ dev-libs/libxml2 |
83 |
+ !libressl? ( dev-libs/openssl:0 ) |
84 |
+ libressl? ( dev-libs/libressl ) |
85 |
+ sys-libs/ncurses:* |
86 |
+ sys-libs/zlib |
87 |
+ alsa? ( media-libs/alsa-lib ) |
88 |
+ bluetooth? ( net-wireless/bluez ) |
89 |
+ calendar? ( net-libs/neon |
90 |
+ dev-libs/libical |
91 |
+ dev-libs/iksemel ) |
92 |
+ caps? ( sys-libs/libcap ) |
93 |
+ cluster? ( sys-cluster/corosync ) |
94 |
+ curl? ( net-misc/curl ) |
95 |
+ dahdi? ( >=net-libs/libpri-1.4.12_beta2 |
96 |
+ net-misc/dahdi-tools ) |
97 |
+ freetds? ( dev-db/freetds ) |
98 |
+ gtalk? ( dev-libs/iksemel ) |
99 |
+ http? ( dev-libs/gmime:2.6 ) |
100 |
+ iconv? ( virtual/libiconv ) |
101 |
+ ilbc? ( dev-libs/ilbc-rfc3951 ) |
102 |
+ xmpp? ( dev-libs/iksemel ) |
103 |
+ ldap? ( net-nds/openldap ) |
104 |
+ libedit? ( dev-libs/libedit ) |
105 |
+ lua? ( dev-lang/lua:* ) |
106 |
+ mysql? ( virtual/mysql ) |
107 |
+ newt? ( dev-libs/newt ) |
108 |
+ odbc? ( dev-db/unixODBC ) |
109 |
+ osplookup? ( net-libs/osptoolkit ) |
110 |
+ portaudio? ( media-libs/portaudio ) |
111 |
+ postgres? ( dev-db/postgresql:* ) |
112 |
+ radius? ( net-dialup/freeradius-client ) |
113 |
+ snmp? ( net-analyzer/net-snmp ) |
114 |
+ span? ( media-libs/spandsp ) |
115 |
+ speex? ( media-libs/speex ) |
116 |
+ srtp? ( net-libs/libsrtp:0 ) |
117 |
+ vorbis? ( media-libs/libvorbis )" |
118 |
+ |
119 |
+DEPEND="${CDEPEND} |
120 |
+ !net-libs/openh323 |
121 |
+ !net-libs/pjsip |
122 |
+ voicemail_storage_imap? ( virtual/imap-c-client ) |
123 |
+ virtual/pkgconfig |
124 |
+ pjproject? ( >=net-libs/pjproject-2.6 ) |
125 |
+" |
126 |
+ |
127 |
+RDEPEND="${CDEPEND} |
128 |
+ selinux? ( sec-policy/selinux-asterisk ) |
129 |
+ syslog? ( virtual/logger )" |
130 |
+ |
131 |
+PDEPEND="net-misc/asterisk-core-sounds |
132 |
+ net-misc/asterisk-extra-sounds |
133 |
+ net-misc/asterisk-moh-opsound" |
134 |
+ |
135 |
+S="${WORKDIR}/${MY_P}" |
136 |
+ |
137 |
+pkg_setup() { |
138 |
+ CONFIG_CHECK="~!NF_CONNTRACK_SIP" |
139 |
+ local WARNING_NF_CONNTRACK_SIP="SIP (NAT) connection tracking is enabled. Some users |
140 |
+ have reported that this module dropped critical SIP packets in their deployments. You |
141 |
+ may want to disable it if you see such problems." |
142 |
+ check_extra_config |
143 |
+ |
144 |
+ enewgroup asterisk |
145 |
+ enewgroup dialout 20 |
146 |
+ enewuser asterisk -1 -1 /var/lib/asterisk "asterisk,dialout" |
147 |
+} |
148 |
+ |
149 |
+src_prepare() { |
150 |
+ default |
151 |
+ AT_M4DIR="autoconf third-party third-party/pjproject" eautoreconf |
152 |
+} |
153 |
+ |
154 |
+src_configure() { |
155 |
+ local vmst |
156 |
+ |
157 |
+ econf \ |
158 |
+ --libdir="/usr/$(get_libdir)" \ |
159 |
+ --localstatedir="/var" \ |
160 |
+ --with-crypto \ |
161 |
+ --with-gsm=internal \ |
162 |
+ --with-popt \ |
163 |
+ --with-ssl \ |
164 |
+ --with-z \ |
165 |
+ --without-pwlib \ |
166 |
+ $(use_with caps cap) \ |
167 |
+ $(use_with http gmime) \ |
168 |
+ $(use_with newt) \ |
169 |
+ $(use_with portaudio) \ |
170 |
+ $(use_with pjproject) |
171 |
+ |
172 |
+ # Blank out sounds/sounds.xml file to prevent |
173 |
+ # asterisk from installing sounds files (we pull them in via |
174 |
+ # asterisk-{core,extra}-sounds and asterisk-moh-opsound. |
175 |
+ >"${S}"/sounds/sounds.xml |
176 |
+ |
177 |
+ # That NATIVE_ARCH chatter really is quite bothersome |
178 |
+ sed -i 's/NATIVE_ARCH=/NATIVE_ARCH=0/' build_tools/menuselect-deps || die "Unable to squelch noisy build system" |
179 |
+ |
180 |
+ # Compile menuselect binary for optional components |
181 |
+ emake menuselect.makeopts |
182 |
+ |
183 |
+ # Broken functionality is forcibly disabled (bug #360143) |
184 |
+ menuselect/menuselect --disable chan_misdn menuselect.makeopts |
185 |
+ menuselect/menuselect --disable chan_ooh323 menuselect.makeopts |
186 |
+ |
187 |
+ # Utility set is forcibly enabled (bug #358001) |
188 |
+ menuselect/menuselect --enable smsq menuselect.makeopts |
189 |
+ menuselect/menuselect --enable streamplayer menuselect.makeopts |
190 |
+ menuselect/menuselect --enable aelparse menuselect.makeopts |
191 |
+ menuselect/menuselect --enable astman menuselect.makeopts |
192 |
+ |
193 |
+ # this is connected, otherwise it would not find |
194 |
+ # ast_pktccops_gate_alloc symbol |
195 |
+ menuselect/menuselect --enable chan_mgcp menuselect.makeopts |
196 |
+ menuselect/menuselect --enable res_pktccops menuselect.makeopts |
197 |
+ |
198 |
+ # SSL is forcibly enabled, IAX2 & DUNDI are expected to be available |
199 |
+ menuselect/menuselect --enable pbx_dundi menuselect.makeopts |
200 |
+ menuselect/menuselect --enable func_aes menuselect.makeopts |
201 |
+ menuselect/menuselect --enable chan_iax2 menuselect.makeopts |
202 |
+ |
203 |
+ # SQlite3 is now the main database backend, enable related features |
204 |
+ menuselect/menuselect --enable cdr_sqlite3_custom menuselect.makeopts |
205 |
+ menuselect/menuselect --enable cel_sqlite3_custom menuselect.makeopts |
206 |
+ |
207 |
+ # The others are based on USE-flag settings |
208 |
+ use_select() { |
209 |
+ local state=$(use "$1" && echo enable || echo disable) |
210 |
+ shift # remove use from parameters |
211 |
+ |
212 |
+ while [[ -n $1 ]]; do |
213 |
+ menuselect/menuselect --${state} "$1" menuselect.makeopts |
214 |
+ shift |
215 |
+ done |
216 |
+ } |
217 |
+ |
218 |
+ use_select alsa chan_alsa |
219 |
+ use_select bluetooth chan_mobile |
220 |
+ use_select calendar res_calendar res_calendar_{caldav,ews,exchange,icalendar} |
221 |
+ use_select cluster res_corosync |
222 |
+ use_select curl func_curl res_config_curl res_curl |
223 |
+ use_select dahdi app_dahdiras app_meetme chan_dahdi codec_dahdi res_timing_dahdi |
224 |
+ use_select freetds {cdr,cel}_tds |
225 |
+ use_select gtalk chan_motif |
226 |
+ use_select http res_http_post |
227 |
+ use_select iconv func_iconv |
228 |
+ use_select xmpp res_xmpp |
229 |
+ use_select ilbc codec_ilbc format_ilbc |
230 |
+ use_select ldap res_config_ldap |
231 |
+ use_select lua pbx_lua |
232 |
+ use_select mysql app_mysql cdr_mysql res_config_mysql |
233 |
+ use_select odbc cdr_adaptive_odbc res_config_odbc {cdr,cel,res,func}_odbc |
234 |
+ use_select osplookup app_osplookup |
235 |
+ use_select oss chan_oss |
236 |
+ use_select postgres {cdr,cel}_pgsql res_config_pgsql |
237 |
+ use_select radius {cdr,cel}_radius |
238 |
+ use_select snmp res_snmp |
239 |
+ use_select span res_fax_spandsp |
240 |
+ use_select speex {codec,func}_speex |
241 |
+ use_select srtp res_srtp |
242 |
+ use_select syslog cdr_syslog |
243 |
+ use_select vorbis format_ogg_vorbis |
244 |
+ |
245 |
+ # Voicemail storage ... |
246 |
+ for vmst in ${IUSE_VOICEMAIL_STORAGE/+/}; do |
247 |
+ if use ${vmst}; then |
248 |
+ menuselect/menuselect --enable $(echo ${vmst##*_} | tr '[:lower:]' '[:upper:]')_STORAGE menuselect.makeopts |
249 |
+ fi |
250 |
+ done |
251 |
+ |
252 |
+ if use debug; then |
253 |
+ for o in DONT_OPTIMIZE DEBUG_THREADS BETTER_BACKTRACES; do |
254 |
+ menuselect/menuselect --enable $o menuselect.makeopts |
255 |
+ done |
256 |
+ fi |
257 |
+} |
258 |
+ |
259 |
+src_compile() { |
260 |
+ ASTLDFLAGS="${LDFLAGS}" emake |
261 |
+} |
262 |
+ |
263 |
+src_install() { |
264 |
+ mkdir -p "${D}"usr/$(get_libdir)/pkgconfig || die |
265 |
+ emake DESTDIR="${D}" installdirs |
266 |
+ emake DESTDIR="${D}" install |
267 |
+ |
268 |
+ if use radius; then |
269 |
+ insinto /etc/radiusclient/ |
270 |
+ doins contrib/dictionary.digium |
271 |
+ fi |
272 |
+ diropts -m 0750 -o root -g asterisk |
273 |
+ keepdir /etc/asterisk |
274 |
+ if use samples; then |
275 |
+ emake DESTDIR="${D}" samples |
276 |
+ for conffile in "${D}"etc/asterisk/*.* |
277 |
+ do |
278 |
+ chown root:root $conffile |
279 |
+ chmod 0644 $conffile |
280 |
+ done |
281 |
+ einfo "Sample files have been installed" |
282 |
+ else |
283 |
+ einfo "Skipping installation of sample files..." |
284 |
+ rm -f "${D}"var/lib/asterisk/mohmp3/* || die |
285 |
+ rm -f "${D}"var/lib/asterisk/sounds/demo-* || die |
286 |
+ rm -f "${D}"var/lib/asterisk/agi-bin/* || die |
287 |
+ rm -f "${D}"etc/asterisk/* || die |
288 |
+ fi |
289 |
+ rm -rf "${D}"var/spool/asterisk/voicemail/default || die |
290 |
+ |
291 |
+ # keep directories |
292 |
+ diropts -m 0770 -o asterisk asterisk |
293 |
+ keepdir /var/lib/asterisk |
294 |
+ keepdir /var/spool/asterisk |
295 |
+ keepdir /var/spool/asterisk/{system,tmp,meetme,monitor,dictate,voicemail} |
296 |
+ diropts -m 0750 -o asterisk -g asterisk |
297 |
+ keepdir /var/log/asterisk/{cdr-csv,cdr-custom} |
298 |
+ |
299 |
+ newinitd "${FILESDIR}"/1.8.0/asterisk.initd8 asterisk |
300 |
+ newconfd "${FILESDIR}"/1.8.0/asterisk.confd asterisk |
301 |
+ |
302 |
+ systemd_dounit "${FILESDIR}"/asterisk.service |
303 |
+ systemd_newtmpfilesd "${FILESDIR}"/asterisk.tmpfiles.conf asterisk.conf |
304 |
+ systemd_install_serviced "${FILESDIR}"/asterisk.service.conf |
305 |
+ |
306 |
+ # install the upgrade documentation |
307 |
+ # |
308 |
+ dodoc UPGRADE* BUGS CREDITS |
309 |
+ |
310 |
+ # install extra documentation |
311 |
+ # |
312 |
+ if use doc |
313 |
+ then |
314 |
+ dodoc doc/*.txt |
315 |
+ dodoc doc/*.pdf |
316 |
+ fi |
317 |
+ |
318 |
+ # install SIP scripts; bug #300832 |
319 |
+ # |
320 |
+ dodoc "${FILESDIR}/1.6.2/sip_calc_auth" |
321 |
+ dodoc "${FILESDIR}/1.8.0/find_call_sip_trace.sh" |
322 |
+ dodoc "${FILESDIR}/1.8.0/find_call_ids.sh" |
323 |
+ dodoc "${FILESDIR}/1.6.2/call_data.txt" |
324 |
+ |
325 |
+ # install logrotate snippet; bug #329281 |
326 |
+ # |
327 |
+ insinto /etc/logrotate.d |
328 |
+ newins "${FILESDIR}/1.6.2/asterisk.logrotate4" asterisk |
329 |
+} |
330 |
+ |
331 |
+pkg_postinst() { |
332 |
+ # |
333 |
+ # Announcements, warnings, reminders... |
334 |
+ # |
335 |
+ einfo "Asterisk has been installed" |
336 |
+ echo |
337 |
+ elog "If you want to know more about asterisk, visit these sites:" |
338 |
+ elog "http://www.asteriskdocs.org/" |
339 |
+ elog "http://www.voip-info.org/wiki-Asterisk" |
340 |
+ echo |
341 |
+ elog "http://www.automated.it/guidetoasterisk.htm" |
342 |
+ echo |
343 |
+ elog "Gentoo VoIP IRC Channel:" |
344 |
+ elog "#gentoo-voip @ irc.freenode.net" |
345 |
+ echo |
346 |
+ echo |
347 |
+ elog "Please read the Asterisk 13 upgrade document:" |
348 |
+ elog "https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+13" |
349 |
+} |
350 |
+ |
351 |
+pkg_config() { |
352 |
+ einfo "Do you want to reset file permissions and ownerships (y/N)?" |
353 |
+ |
354 |
+ read tmp |
355 |
+ tmp="$(echo $tmp | tr '[:upper:]' '[:lower:]')" |
356 |
+ |
357 |
+ if [[ "$tmp" = "y" ]] ||\ |
358 |
+ [[ "$tmp" = "yes" ]] |
359 |
+ then |
360 |
+ einfo "Resetting permissions to defaults..." |
361 |
+ |
362 |
+ for x in spool run lib log; do |
363 |
+ chown -R asterisk:asterisk "${ROOT}"var/${x}/asterisk |
364 |
+ chmod -R u=rwX,g=rwX,o= "${ROOT}"var/${x}/asterisk |
365 |
+ done |
366 |
+ |
367 |
+ chown -R root:asterisk "${ROOT}"etc/asterisk |
368 |
+ chmod -R u=rwX,g=rwX,o= "${ROOT}"etc/asterisk |
369 |
+ |
370 |
+ einfo "done" |
371 |
+ else |
372 |
+ einfo "skipping" |
373 |
+ fi |
374 |
+} |
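Review bot: In src_install, the `diropts -m 0770 -o asterisk asterisk` line ahead of the /var/lib/asterisk and /var/spool/asterisk `keepdir` calls is missing `-g`, so the second `asterisk` is passed as a stray argument rather than as the group. It should read `diropts -m 0770 -o asterisk -g asterisk`, matching the `diropts -m 0750 -o asterisk -g asterisk` used for /var/log/asterisk a few lines below. As written, those group-writable state directories presumably keep the default group instead of `asterisk`, which is not what mode 0770 is meant to grant. In the samples loop of the same function, `chown root:root $conffile` and `chmod 0644 $conffile` are unquoted and have no `|| die`, so a failed permission change on a sample config passes silently; `chown root:root "${conffile}" || die` and `chmod 0644 "${conffile}" || die` would make the failure explicit.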